beaconmcse
asked on
Safely remove and modify access-list via IPSEC Tunnel connection
We are moving to another ISP provider which results in changing our IP address configuration on our router interface. Interface 4 is connected currently to a cable modem going via IPsec tunnel.
interface FastEthernet4
 description Link to Cable Modem
 ip address 24.x.x.x 255.255.255.0
 ip mtu 1438
 load-interval 30
 duplex auto
 speed auto
 crypto map VPN
However, I will need to modify our access-list remotely. I know that if I remove the access-list, I will lose connectivity remotely. Can anyone suggest a safe way to do this properly? I will need to modify it but I know once the changes are pasted, I will lose connectivity. Any help?
Currently the access-list is as follows.
access-list 1 permit 24.x.x.x
access-list 1 permit 65.x.x.xx.x
access-list 1 remark SNMP and Remote Access
access-list 1 permit x.x.x.x
access-list 1 permit x.xx.x.x
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit 65.x.x.x 0.0.0.x
access-list 1 deny any log
access-list 100 deny ip any host x.x.x.x
access-list 100 deny ip any host x.x.x.x
access-list 100 deny ip any host x.x.x.x
access-list 100 permit ip any any
access-list 101 deny ip any host 24.x.x.x
access-list 101 deny ip any host x.x.x.x
access-list 101 deny ip any host x.x.x.x
access-list 101 deny ip any host 96.x.x.x.
access-list 101 permit ip any any
crypto map VPN 15 ipsec-isakmp
 set peer 65.x.x.x
 set transform-set 3DES-SHA
 set pfs group2
 match address 101